Skip to main content

CAF-AI-001 AI-Assisted Vulnerability Triage

This draft standard defines minimum expectations for using AI during vulnerability triage.

Requirements

  • AI output must be treated as an assistant, not the final authority.
  • Findings must include affected asset context, observed behavior, security impact, and reproduction notes.
  • Confidence must be tied to evidence quality.
  • Human review is required before publication or escalation.

Contribution status

This standard is open for community review and improvement.